fix typo; implement vhost deployment

Robert Kaussow 2018-08-12 21:42:13 +02:00
parent 6046d7e11d
commit 767b26c3b1
5 changed files with 63 additions and 3 deletions


@ -50,7 +50,7 @@ nginx_tls_enabled: False
nginx_tls_certs_dir: /etc/pki/tls/certs nginx_tls_certs_dir: /etc/pki/tls/certs
nginx_tls_key_dir: /etc/pki/tls/private nginx_tls_key_dir: /etc/pki/tls/private
nginx_tls_cert_file: "{{ nginx_tls_certs_dir }}/mycert.pem" nginx_tls_cert_file: "{{ nginx_tls_certs_dir }}/mycert.pem"
nginx_tls_private_key_file: "{{ nginx_tls_key_dir }}/mykey.pem" nginx_tls_key_file: "{{ nginx_tls_key_dir }}/mykey.pem"
nginx_tls_source_use_content: False nginx_tls_source_use_content: False
nginx_tls_source_use_files: True nginx_tls_source_use_files: True
nginx_tls_cert_source: mycert.pem nginx_tls_cert_source: mycert.pem


@ -99,8 +99,8 @@
- block: - block:
- name: Add default page configuration file - name: Add default page configuration file
template: template:
src: 'etc/nginx/sites-available/default.j2' src: etc/nginx/sites-available/default.j2
dest: '/etc/nginx/sites-available/default' dest: /etc/nginx/sites-available/default
owner: root owner: root
group: root group: root
mode: 0640 mode: 0640

24
tasks/vhost.yml Normal file

@ -0,0 +1,24 @@
---
- block:
- name: Add default page configuration file
template:
src: etc/nginx/sites-available/vhost.j2
dest: "/etc/nginx/sites-available/{{ item.key }}"
owner: root
group: root
mode: 0640
with_dict: nginx_vhosts
notify: __nginx_reload
- name: Enable default page
file:
src: "/etc/nginx/sites-available/{{ item.key }}"
dest: "/etc/nginx/sites-enabled/{{ item.key }}"
owner: root
group: root
state: link
with_dict: nginx_vhosts
notify: __nginx_reload
when: nginx_vhosts is defined
become: True
become_user: root
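Review bot: Both loops use the bare form `with_dict: nginx_vhosts`, which newer Ansible releases read as a literal string rather than a variable, and the block-level `when: nginx_vhosts is defined` is applied per item, so it probably does not protect the loop expression when the variable is unset. I would write `with_dict: "{{ nginx_vhosts | default({}) }}"` on both tasks and drop the guard. `item.key` is used directly as a file name under sites-available and sites-enabled, so a key containing `/` or `..` would write outside those directories; an `assert` on the key format ahead of the block would catch that. The task names still say "default page" although they deploy vhosts, and `mode: 0640` is safer quoted as `mode: "0640"`.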


@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: True
# {{ ansible_managed }} # {{ ansible_managed }}
server { server {
listen 80; listen 80;


@ -0,0 +1,35 @@
#jinja2: lstrip_blocks: True
# {{ ansible_managed }}
{% if item.value.proxy_server is defined %}
upstream backends {
{% for server in item.value.proxy_server %}
server {{ server }};
{% endfor %}
}
{% endif %}
server {
listen 80;
server_name {{ item.value.server_name }};
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name {{ item.value.server_name }};
location / {
proxy_pass https://backends;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
ssl_certificate /etc/pki/tls/certs/le-rknet.pem;
ssl_certificate_key /etc/pki/tls/private/le-rknet.pem;
}
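Review bot: The upstream is always named `backends`, so once `nginx_vhosts` holds two entries with `proxy_server` set, nginx will reject the configuration for a duplicate upstream; `proxy_pass https://backends;` is also rendered when `proxy_server` is undefined and no upstream block exists. Deriving the name from the vhost, `upstream {{ item.key }}_backends {` with `proxy_pass https://{{ item.key }}_backends;`, and moving the location inside the same `{% if %}` would address both. The certificate paths are hard-coded to `le-rknet.pem` rather than taken from `nginx_tls_cert_file` and `nginx_tls_key_file` in the role defaults, so every vhost on every host gets the same pair. Since the upstream is reached over https, nginx will not verify the backend certificate unless `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate` are configured.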